allow kernel efs_file:dir search;
allow kernel self:capability { mknod };

#dontaudit kernel self:capability { dac_read_search };
